Score: 4.2 (medium risk)

SHA256: 6ac3329dda9f6d503198339c6f3f582c427f4ee7de409d5b5c2f5a87ee1f08d8

Filename: 910747fd832b5974deb69a7403817984.exe

Analysis duration: 40s

Last analysed:

File size: 531.5KB
Tags: flagged by static engines, flagged by dynamic engines, 100%, AI SCORE=87, BUMMZ2, CHAPAK, CLASSIC, CONFIDENCE, EWVM, FILECODERKRYPT, FUERBOOSCB, GDSDA, GENERICKDZ, GENKD, GLUPTEBA, HFUT, HFUW, HIGH CONFIDENCE, HOXR, HTSSVI, IGENT, KCLOUD, KRYPTIK, MALICIOUS PE, MALWARE@#SBDHEPI16CYR, PACKECT, PWSX, R03BC0PHU20, R349696, RANUMBOT, SCORE, STATIC AI, SUSGEN, TFCHD, TOFSEE, UNSAFE, VIDARSTEALER, WACATAC
Hawkeye engine (鹰眼引擎)
Not detected: no Hawkeye engine result is available for this sample.
Static verdict

Antivirus engines

Engine       Result                                  Date      Version
CrowdStrike  win/malicious_confidence_100% (W)       20190702  1.0
Alibaba      Trojan:Win32/Chapak.be728420            20190527  0.3.0.5
Baidu        (none)                                  20190318  1.0.0.2
Avast        Win32:PWSX-gen [Trj]                    20201213  21.1.5827.0
Kingsoft     Win32.Troj.Generic_a.a.(kcloud)         20201213  2017.9.26.565
McAfee       Packed-GCZ!910747FD832B                 20201213  6.0.6.653
Tencent      Win32.Trojan.Agent.Hoxr                 20201213  1.0.0.1
Behavioural verdict

Dynamic indicators

Allocates read-write-execute memory (usually to unpack itself) (2 events)
Time & API Arguments Status Return Repeated
1620808770.968375
NtProtectVirtualMemory
process_identifier: 1068
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 356352
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x0340a000
success 0 0
1620808771.171375
NtAllocateVirtualMemory
process_identifier: 1068
region_size: 569344
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x034f0000
success 0 0
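The indicator above fires on any NtAllocateVirtualMemory / NtProtectVirtualMemory call whose protection is PAGE_EXECUTE_READWRITE (0x40); on the first event the monitor's heap_dep_bypass: 1 additionally marks that the region being made executable was heap memory. The following is an added example, not code from the sandbox or the report, that runs that check over trace records shaped like the two events above and also catches the stealthier variant the plain RWX check misses: a region mapped read-write and later re-protected executable. The trace is constructed (the report's two events plus one invented RW-then-RX pair at 0x03600000); the API names and protection constants are the real Windows ones.

```python
# Added example (not part of the sandbox report): scan memory-API trace records,
# shaped like the NtAllocateVirtualMemory / NtProtectVirtualMemory entries in the
# report, for writable+executable mappings and for RW -> RX transitions.

PAGE_READWRITE = 0x04
PAGE_WRITECOPY = 0x08
PAGE_EXECUTE = 0x10
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80

EXEC_MASK = PAGE_EXECUTE | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY
WRITE_MASK = PAGE_READWRITE | PAGE_WRITECOPY | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY

MEMORY_APIS = {"NtAllocateVirtualMemory", "NtProtectVirtualMemory",
               "VirtualAlloc", "VirtualProtect"}


def is_executable(prot: int) -> bool:
    return bool(prot & EXEC_MASK)


def is_writable(prot: int) -> bool:
    return bool(prot & WRITE_MASK)


def find_rwx_events(trace):
    """Records that map or re-protect a region as both writable and executable.
    This is the check behind the 'Allocates read-write-execute memory' indicator."""
    hits = []
    for rec in trace:
        if rec["api"] not in MEMORY_APIS:
            continue
        prot = rec["protection"]
        if is_executable(prot) and is_writable(prot):
            size = rec.get("region_size", rec.get("length"))
            hits.append((rec["api"], rec["base_address"], size))
    return hits


def find_wx_transitions(trace):
    """Regions first mapped writable-but-not-executable and later made executable.
    A W^X-respecting unpacker never exposes an RWX page, so find_rwx_events()
    misses it; keeping a per-base-address protection history catches it."""
    last_prot = {}
    hits = []
    for rec in sorted(trace, key=lambda r: r["time"]):
        if rec["api"] not in MEMORY_APIS:
            continue
        base, prot = rec["base_address"], rec["protection"]
        prev = last_prot.get(base)
        if prev is not None and is_writable(prev) and not is_executable(prev) \
                and is_executable(prot):
            hits.append((base, prev, prot))
        last_prot[base] = prot
    return hits


# Constructed trace: the two events from the report plus one invented RW -> RX pair.
SAMPLE_TRACE = [
    {"time": 1620808770.968375, "api": "NtProtectVirtualMemory",
     "base_address": 0x0340A000, "length": 356352, "protection": PAGE_EXECUTE_READWRITE},
    {"time": 1620808771.171375, "api": "NtAllocateVirtualMemory",
     "base_address": 0x034F0000, "region_size": 569344, "protection": PAGE_EXECUTE_READWRITE},
    {"time": 1620808771.5, "api": "NtAllocateVirtualMemory",       # constructed
     "base_address": 0x03600000, "region_size": 65536, "protection": PAGE_READWRITE},
    {"time": 1620808771.9, "api": "NtProtectVirtualMemory",        # constructed
     "base_address": 0x03600000, "length": 65536, "protection": PAGE_EXECUTE_READ},
]

if __name__ == "__main__":
    for api, base, size in find_rwx_events(SAMPLE_TRACE):
        print(f"RWX   {api:<24} base=0x{base:08x} size={size}")
    for base, before, after in find_wx_transitions(SAMPLE_TRACE):
        print(f"W->X  base=0x{base:08x} protection 0x{before:02x} -> 0x{after:02x}")
```

Run against the constructed trace, the RWX scan returns the report's two events and the transition scan returns the single RW-to-RX region; on a real trace, the base address of the last RWX or RX region is the natural place to dump the unpacked payload from.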
Foreign language identified in PE resource (22 events)

name RT_ICON language LANG_GEORGIAN offset 0x02f701b0 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_DEFAULT size 0x00000468
name RT_GROUP_ICON language LANG_GEORGIAN offset 0x02f70618 filetype data sublanguage SUBLANG_DEFAULT size 0x0000003e

(The report prints the RT_ICON row 19 times and the RT_GROUP_ICON row 3 times with identical offsets and sizes; only the distinct rows are kept here. A resource language that matches neither the lure nor the victim population is a weak indicator on its own, but a useful pivot when clustering samples from the same builder.)
The binary likely contains encrypted or compressed data indicative of a packer (2 events)

entropy 7.922203276549982 section {'size_of_data': '0x0006aa00', 'virtual_address': '0x00001000', 'entropy': 7.922203276549982, 'name': '.text', 'virtual_size': '0x0006a870'} description A section with a high entropy has been found
entropy 0.8039585296889726 description Overall entropy of this PE file is high

The .text section is 0x6aa00 (436,736) bytes of a 544,256-byte file, so roughly 80% of the file is a near-maximum-entropy (7.92 of 8.0 bits per byte) code section. Together with the RWX allocations recorded above and the VirtualAlloc / VirtualProtect / LoadLibraryA / GetProcAddress imports listed below, this is the profile of a runtime-unpacking crypter stub rather than a plain compressed executable.
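The per-section figure above is Shannon entropy in bits per byte (maximum 8.0; the report's overall figure of 0.80 is evidently on a 0 to 1 scale rather than in bits). The following is an added example, not the sandbox's own code, showing how that indicator is computed: it walks the PE section table by hand (no pefile dependency), measures the entropy of each section's raw data and flags those above a threshold. Because a real packed sample cannot be embedded here, build_test_pe() constructs a minimal, non-runnable PE32 image with one uniformly distributed section standing in for packed code and one constant-byte section; the threshold of 7.0 is an assumption, chosen because compressed or encrypted data sits close to 8.0.

```python
import math
import struct

# Added example (not the sandbox's own code): compute Shannon entropy per PE
# section by walking the section table, the basis of the "section with a high
# entropy" indicator in the report.

HIGH_ENTROPY = 7.0  # bits per byte (assumed threshold); packed/encrypted data nears 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant byte, 8.0 for uniform."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes):
    """Return one dict per IMAGE_SECTION_HEADER, with the entropy of its raw data."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                  # IMAGE_FILE_HEADER
    (num_sections,) = struct.unpack_from("<H", pe, coff + 2)
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16)
    table = coff + 20 + opt_size                         # first section header
    sections = []
    for i in range(num_sections):
        off = table + i * 40
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", pe, off + 8)
        raw = pe[rawptr:rawptr + rawsize]
        sections.append({"name": name, "virtual_address": vaddr,
                         "virtual_size": vsize, "size_of_data": rawsize,
                         "entropy": shannon_entropy(raw)})
    return sections


def high_entropy_sections(pe: bytes, threshold: float = HIGH_ENTROPY):
    return [s for s in parse_sections(pe) if s["entropy"] >= threshold]


def build_test_pe(sections):
    """Constructed, non-runnable PE32 image with the given (name, data) sections,
    so the parser can be exercised offline. Only fields the parser reads are set."""
    e_lfanew, opt_size = 0x40, 0xE0
    header_len = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)
    raw_base = (header_len + 0x1FF) & ~0x1FF             # 0x200 file alignment
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)   # PE32 magic
    table, payload, ptr = b"", b"", raw_base
    for i, (name, data) in enumerate(sections):
        table += struct.pack("<8sIIII", name, len(data), 0x1000 * (i + 1), len(data), ptr)
        table += b"\0" * 16                              # relocs/linenums/characteristics
        payload += data
        ptr += len(data)
    head = dos + b"PE\0\0" + coff + opt + table
    return head + b"\0" * (raw_base - len(head)) + payload


# Constructed sample: a ".text" of uniformly distributed bytes (stand-in for
# packed code) next to a ".data" section made of one repeated byte.
SAMPLE_PE = build_test_pe([
    (b".text", bytes(range(256)) * 64),
    (b".data", b"A" * 4096),
])

if __name__ == "__main__":
    for s in parse_sections(SAMPLE_PE):
        print(f"{s['name']:<8} va=0x{s['virtual_address']:08x} "
              f"raw=0x{s['size_of_data']:08x} entropy={s['entropy']:.3f}")
    print("packed?", bool(high_entropy_sections(SAMPLE_PE)))
```

On a real sample, pass the file bytes straight to parse_sections(); a .text section scoring above 7.0 that also carries the entry point is the signature of a stub that decrypts its body in place, which is exactly what the RWX NtProtectVirtualMemory call at 0x0340a000 above is doing.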
Network

Communicates with host for which no DNS query was performed (1 event)

host 172.217.24.14

Connects to an IP address that is no longer responding to requests (legitimate services usually stay up and running) (1 event)

dead_host 172.217.24.14:443

Caveat: the Hosts and TCP sections further down record no contacted hosts and no TCP connections, so both indicators rest on a single failed connection attempt. 172.217.24.14 sits in a Google-operated address block, which is also reached by a Windows guest's own browser and update traffic; confirm that the connection was made by the sample's process before treating the address as an indicator of compromise.

File has been identified by 65 AntiVirus engines on VirusTotal as malicious (50 of 65 events shown)
Bkav W32.FuerboosCB.Trojan
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.69795
CAT-QuickHeal Trojan.Agent
ALYac Trojan.GenericKDZ.69795
Cylance Unsafe
Zillya Trojan.Chapak.Win32.87192
Sangfor Malware
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Trojan:Win32/Chapak.be728420
K7GW Trojan ( 00569e421 )
K7AntiVirus Trojan ( 00569e421 )
Cyren W32/Trojan.EWVM-6486
Symantec Packed.Generic.525
APEX Malicious
Paloalto generic.ml
ClamAV Win.Dropper.Glupteba-9622151-0
Kaspersky HEUR:Trojan.Win32.Agent.pef
BitDefender Trojan.GenericKDZ.69795
NANO-Antivirus Trojan.Win32.Chapak.htssvi
ViRobot Trojan.Win32.Z.Chapak.544256
Avast Win32:PWSX-gen [Trj]
Rising Trojan.Kryptik!1.CB4D (CLASSIC)
Ad-Aware Trojan.GenericKDZ.69795
Sophos Mal/Generic-S
Comodo Malware@#sbdhepi16cyr
F-Secure Trojan.TR/AD.VidarStealer.tfchd
DrWeb Trojan.PWS.Stealer.29176
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R03BC0PHU20
McAfee-GW-Edition BehavesLike.Win32.Generic.hc
MaxSecure Trojan.Malware.73433573.susgen
FireEye Generic.mg.910747fd832b5974
Emsisoft Trojan.GenericKDZ.69795 (B)
SentinelOne Static AI - Malicious PE
GData Trojan.GenericKDZ.69795
Jiangmin Backdoor.Tofsee.cth
Webroot W32.Trojan.GenKD
Avira TR/AD.VidarStealer.tfchd
MAX malware (ai score=87)
Antiy-AVL Trojan/Win32.Chapak
Kingsoft Win32.Troj.Generic_a.a.(kcloud)
Gridinsoft Trojan.Win32.Packed.oa
Arcabit Trojan.Generic.D110A3
AegisLab Trojan.Win32.Chapak.4!c
ZoneAlarm HEUR:Trojan.Win32.Packect.gen
Microsoft Trojan:Win32/Filecoderkrypt.SG!MTB
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Kryptik.R349696
Acronis suspicious
Visual analysis

Binary image: none (no binary visualisation image was generated for this sample)

Run screenshots: none (no screenshots were captured while the sample ran)


PE Compile Time

2019-10-04 02:03:23

This timestamp cannot be trusted: the CrowdStrike and Alibaba detections in the static-verdict table are dated 20190702 and 20190527, before the claimed compile date, so the field has been altered or the build chain sets it arbitrarily.

Imports

The import table mixes CRT housekeeping and the primitives an unpacking stub needs (VirtualAlloc, VirtualProtect, HeapCreate, LoadLibraryA, GetProcAddress, IsDebuggerPresent) with APIs that have no plausible role in a stealer (GetTapeStatus, GetTapeParameters, CommConfigDialogA, BackupEventLogA, GetDevicePowerState, EnumDateFormatsW). Decoy imports of this kind are consistent with a crypter-generated stub, and the payload's real API set is resolved at runtime after unpacking, so this list says little about what the payload does.

Library KERNEL32.dll:
0x401014 FindResourceExW
0x40101c GetCurrentProcess
0x401028 SetEvent
0x40102c GetModuleHandleW
0x401030 GetTickCount
0x401038 GetConsoleTitleA
0x40103c ReadConsoleW
0x401040 GetConsoleCP
0x401044 GlobalAlloc
0x401048 ReadConsoleInputA
0x401050 GetFileAttributesA
0x401054 lstrcpynW
0x401058 GetTimeFormatW
0x40105c LocalReAlloc
0x401060 ReadFile
0x401064 GetModuleFileNameW
0x401068 GetVolumePathNameA
0x40106c VerifyVersionInfoW
0x401070 InterlockedExchange
0x401074 ReleaseActCtx
0x401078 SetLastError
0x40107c GetTapeStatus
0x401084 HeapUnlock
0x401088 VerLanguageNameW
0x40108c GetAtomNameA
0x401098 GetTapeParameters
0x40109c CreateMutexA
0x4010a0 GetStringTypeW
0x4010a4 VirtualProtect
0x4010a8 EnumDateFormatsW
0x4010b0 GetCPInfoExA
0x4010b8 DeleteFileW
0x4010c0 lstrcpyA
0x4010c4 CommConfigDialogA
0x4010c8 AllocConsole
0x4010cc FreeResource
0x4010d0 HeapReAlloc
0x4010d4 GetDevicePowerState
0x4010e0 Sleep
0x4010f8 GetStartupInfoW
0x4010fc GetLastError
0x401100 HeapFree
0x401104 RtlUnwind
0x401108 RaiseException
0x40110c GetProcAddress
0x401110 ExitProcess
0x401114 WriteFile
0x401118 GetStdHandle
0x40111c GetModuleFileNameA
0x401120 HeapAlloc
0x401124 TerminateProcess
0x401128 IsDebuggerPresent
0x401134 GetCommandLineW
0x401138 SetHandleCount
0x40113c GetFileType
0x401140 GetStartupInfoA
0x401144 TlsGetValue
0x401148 TlsAlloc
0x40114c TlsSetValue
0x401150 TlsFree
0x401154 GetCurrentThreadId
0x401158 HeapCreate
0x40115c VirtualFree
0x401164 GetCurrentProcessId
0x40116c HeapSize
0x401170 VirtualAlloc
0x401174 GetCPInfo
0x401178 GetACP
0x40117c GetOEMCP
0x401180 IsValidCodePage
0x401184 GetLocaleInfoA
0x401188 GetStringTypeA
0x40118c MultiByteToWideChar
0x401190 LoadLibraryA
0x401198 GetModuleHandleA
0x40119c LCMapStringA
0x4011a0 WideCharToMultiByte
0x4011a4 LCMapStringW
Library ADVAPI32.dll:
0x401000 BackupEventLogA
0x401004 CloseEventLog
0x40100c RegQueryValueExA

Exports

Ordinal Address Name
1 0x404be0 @GetFirstVice@0

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Src port  Destination                      Dst port
192.168.56.101  51808     114.114.114.114                  53
192.168.56.101  51963     114.114.114.114                  53
192.168.56.101  55368     114.114.114.114                  53
192.168.56.101  56539     114.114.114.114                  53
192.168.56.101  137       192.168.56.255                   137
192.168.56.101  138       192.168.56.255                   138
192.168.56.101  123       20.189.79.72 (time.windows.com)  123
192.168.56.101  51378     224.0.0.252                      5355
192.168.56.101  53237     224.0.0.252                      5355
192.168.56.101  56804     224.0.0.252                      5355
192.168.56.101  58367     224.0.0.252                      5355
192.168.56.101  60123     224.0.0.252                      5355
192.168.56.101  62191     224.0.0.252                      5355
192.168.56.101  65004     224.0.0.252                      5355
192.168.56.101  1900      239.255.255.250                  1900
192.168.56.101  51379     239.255.255.250                  3702
192.168.56.101  55369     239.255.255.250                  3702
192.168.56.101  56807     239.255.255.250                  1900
192.168.56.101  58707     239.255.255.250                  3702
192.168.56.101  65005     239.255.255.250                  3702
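Apart from four DNS queries to the public resolver 114.114.114.114, every UDP flow above is guest background noise: NetBIOS name service and datagram broadcasts (137/138 to 192.168.56.255), NTP to time.windows.com, LLMNR to 224.0.0.252:5355, and SSDP/WS-Discovery to 239.255.255.250. The following is an added example, not code from the sandbox or the report, that filters a flow table of this shape down to sample-attributable traffic and then applies the check behind the "no DNS query was performed" indicator in the network section: any public destination reached without a DNS answer on the wire naming it. The flow list and DNS answers are constructed (the UDP rows above, the dead_host 172.217.24.14:443 from the indicator, plus an invented resolved connection to 1.2.3.4); the background-port allow-list is an assumption for a stock Windows guest.

```python
import ipaddress

# Added example (not the sandbox's own code): separate guest background noise
# from sample-attributable flows, then flag destinations contacted without a
# DNS answer, which is what the "no DNS query was performed" indicator checks.

# Ports a stock Windows guest talks to on its own (assumed allow-list). Matched
# only for broadcast/multicast destinations, except NTP which is unicast.
BACKGROUND_PORTS = {
    137: "NBNS",
    138: "NetBIOS datagram",
    123: "NTP",
    5355: "LLMNR",
    1900: "SSDP",
    3702: "WS-Discovery",
}


def _is_local_scope(dst: str) -> bool:
    """Multicast or (IPv4 /24) directed-broadcast destination."""
    addr = ipaddress.ip_address(dst)
    return addr.is_multicast or dst.endswith(".255")


def classify_flow(flow):
    """Label a (proto, src, sport, dst, dport) tuple as 'dns',
    'background:<name>' or 'sample'."""
    proto, _src, _sport, dst, dport = flow
    if proto == "udp" and dport == 53:
        return "dns"
    name = BACKGROUND_PORTS.get(dport)
    if proto == "udp" and name and (name == "NTP" or _is_local_scope(dst)):
        return "background:" + name
    return "sample"


def sample_flows(flows):
    """Flows that cannot be explained by the guest itself."""
    return [f for f in flows if classify_flow(f) == "sample"]


def unresolved_destinations(flows, dns_answers):
    """Public destinations reached although no DNS answer on the wire returned
    that address. Hard-coded C2 addresses look exactly like this; so does the
    guest's own software, which is why the caller must first attribute the flow
    to the sample's process."""
    resolved = {ip for _name, ip in dns_answers}
    hits = []
    for _proto, _src, _sport, dst, dport in flows:
        if ipaddress.ip_address(dst).is_global and dst not in resolved:
            hits.append((dst, dport))
    return hits


# Constructed flow table: representative UDP rows from the report, the dead_host
# connection from the indicator section, and one invented resolved connection.
SAMPLE_FLOWS = [
    ("udp", "192.168.56.101", 51808, "114.114.114.114", 53),
    ("udp", "192.168.56.101", 51963, "114.114.114.114", 53),
    ("udp", "192.168.56.101", 55368, "114.114.114.114", 53),
    ("udp", "192.168.56.101", 56539, "114.114.114.114", 53),
    ("udp", "192.168.56.101", 137, "192.168.56.255", 137),
    ("udp", "192.168.56.101", 138, "192.168.56.255", 138),
    ("udp", "192.168.56.101", 123, "20.189.79.72", 123),
    ("udp", "192.168.56.101", 51378, "224.0.0.252", 5355),
    ("udp", "192.168.56.101", 1900, "239.255.255.250", 1900),
    ("udp", "192.168.56.101", 51379, "239.255.255.250", 3702),
    ("tcp", "192.168.56.101", 49152, "172.217.24.14", 443),   # dead_host from the report
    ("tcp", "192.168.56.101", 49153, "1.2.3.4", 80),          # constructed
]

# Constructed DNS answers seen on the wire; the report itself lists none.
SAMPLE_DNS_ANSWERS = [("update.example", "1.2.3.4")]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f"{classify_flow(f):<28} {f[3]}:{f[4]}")
    for dst, dport in unresolved_destinations(sample_flows(SAMPLE_FLOWS), SAMPLE_DNS_ANSWERS):
        print(f"no DNS answer for {dst}:{dport}")
```

The two-stage split matters in practice: feeding the whole table into the DNS check would flag time.windows.com's address and the resolver itself, while filtering first leaves only the flows worth pivoting on. A zero-result run of sample_flows() for a sample this heavily detected is itself informative: the payload never unpacked far enough to talk, which fits the 40-second analysis window and the absence of dropped files below.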

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

No dropped files.
No dropped buffers.